DPAPI Service Start access is denied

Discussion in 'ASP .Net Security' started by Martin, Sep 6, 2004.

  1. Martin

    Martin Guest

    Hi,

    Following the procedures for "How To:Use DPAPI (User Store) from ASP.NET
    with Enterprise Services" from Building Secure ASP NET Applciations pdf,
    after installing the service, I try to start it, but get the error
    "Services - Could not start the DPAPI Service server on Local Computer.
    Error 5: Access is denied".

    My OS is Windows XP Pro. The local account configured to run this service
    has "Log on as a batch job" and "Log on locally" user rights as per the
    instructions.

    What's the problem?

    Quick answer required, please

    Thanks
    Martin
    Martin, Sep 6, 2004
    #1
    1. Advertising

  2. Martin

    Martin Guest

    It works if I make the local dpapi account a member of local administrators,
    so there's nothing wrong with the code. I guess this is another security
    policy I need to set, but don't know which one.

    ????

    Martin

    "Martin" <> wrote in message
    news:%...
    > Hi,
    >
    > Following the procedures for "How To:Use DPAPI (User Store) from ASP.NET
    > with Enterprise Services" from Building Secure ASP NET Applciations pdf,
    > after installing the service, I try to start it, but get the error
    > "Services - Could not start the DPAPI Service server on Local Computer.
    > Error 5: Access is denied".
    >
    > My OS is Windows XP Pro. The local account configured to run this service
    > has "Log on as a batch job" and "Log on locally" user rights as per the
    > instructions.
    >
    > What's the problem?
    >
    > Quick answer required, please
    >
    > Thanks
    > Martin
    >
    >
    Martin, Sep 6, 2004
    #2
    1. Advertising

  3. I cannot reproduce the problem under Windows XP SP2. A few questions:

    1. Have you deviated in any way from the procedure described in that
    document?
    2. Of what group(s) is the local account a member?
    3. Is this happening on your dev machine or another machine on which you've
    installed the service?
    4. Prior to attempting to start the service, did you log on with the
    account credentials in order to create a profile for it?



    "Martin" <> wrote in message
    news:%...
    > Hi,
    >
    > Following the procedures for "How To:Use DPAPI (User Store) from ASP.NET
    > with Enterprise Services" from Building Secure ASP NET Applciations pdf,
    > after installing the service, I try to start it, but get the error
    > "Services - Could not start the DPAPI Service server on Local Computer.
    > Error 5: Access is denied".
    >
    > My OS is Windows XP Pro. The local account configured to run this service
    > has "Log on as a batch job" and "Log on locally" user rights as per the
    > instructions.
    >
    > What's the problem?
    >
    > Quick answer required, please
    >
    > Thanks
    > Martin
    >
    >
    Nicole Calinoiu, Sep 8, 2004
    #3
  4. Martin

    Martin Guest

    Hi Nicole,

    Please see my answers below. I am using Windows XP Sp1. Is there a way I
    can further detail on what acces is being to denied to what resource?

    Thanks for your help
    Martin

    "Nicole Calinoiu" <ngcalinoiu REMOVETHIS AT gmail DOT com> wrote in message
    news:%...
    > I cannot reproduce the problem under Windows XP SP2. A few questions:
    >
    > 1. Have you deviated in any way from the procedure described in that
    > document?

    I don't believe so, but how can I be sure? As I say the code works if the
    account is in local admins.

    > 2. Of what group(s) is the local account a member?

    Users

    > 3. Is this happening on your dev machine or another machine on which

    you've
    > installed the service?

    My dev machine

    > 4. Prior to attempting to start the service, did you log on with the
    > account credentials in order to create a profile for it?

    Yes, but i didn't stay logged on very long. How can I show that the profile
    is created? C:\Documents and Settings has a local sub dir for this user.

    >
    >
    >
    > "Martin" <> wrote in message
    > news:%...
    > > Hi,
    > >
    > > Following the procedures for "How To:Use DPAPI (User Store) from ASP.NET
    > > with Enterprise Services" from Building Secure ASP NET Applciations pdf,
    > > after installing the service, I try to start it, but get the error
    > > "Services - Could not start the DPAPI Service server on Local Computer.
    > > Error 5: Access is denied".
    > >
    > > My OS is Windows XP Pro. The local account configured to run this

    service
    > > has "Log on as a batch job" and "Log on locally" user rights as per the
    > > instructions.
    > >
    > > What's the problem?
    > >
    > > Quick answer required, please
    > >
    > > Thanks
    > > Martin
    > >
    > >

    >
    >
    >
    Martin, Sep 8, 2004
    #4
  5. Martin,

    If you've really followed the steps properly, then I'm a bit stumped. Here
    are a few things to try:

    1. Check if the user you want to use to launch the service actually has
    permissions to run the service executable and the DLLs. If not, adjust the
    ACLs to allow this.

    2. If #1 doesn't help, turn on audit logging of all access failures. To do
    this, launch the "Local Security Settings" mmc, then ensure that failure
    audit logging is enabled for every policy under Security Settings\Local
    Policies\Audit Policy. Once this is done, try launching the service again,
    then check the event log to see if any failures were logged due to the
    attempt.

    3. If #1 doesn't help, the only thing I can think of is to start over from
    scratch (new VStudio projects, new user, etc.) to ensure that you are
    actually following the procedure exactly.

    HTH,
    Nicole


    "Martin" <> wrote in message
    news:...
    > Hi Nicole,
    >
    > Please see my answers below. I am using Windows XP Sp1. Is there a way I
    > can further detail on what acces is being to denied to what resource?
    >
    > Thanks for your help
    > Martin
    >
    > "Nicole Calinoiu" <ngcalinoiu REMOVETHIS AT gmail DOT com> wrote in
    > message
    > news:%...
    >> I cannot reproduce the problem under Windows XP SP2. A few questions:
    >>
    >> 1. Have you deviated in any way from the procedure described in that
    >> document?

    > I don't believe so, but how can I be sure? As I say the code works if the
    > account is in local admins.
    >
    >> 2. Of what group(s) is the local account a member?

    > Users
    >
    >> 3. Is this happening on your dev machine or another machine on which

    > you've
    >> installed the service?

    > My dev machine
    >
    >> 4. Prior to attempting to start the service, did you log on with the
    >> account credentials in order to create a profile for it?

    > Yes, but i didn't stay logged on very long. How can I show that the
    > profile
    > is created? C:\Documents and Settings has a local sub dir for this user.
    >
    >>
    >>
    >>
    >> "Martin" <> wrote in message
    >> news:%...
    >> > Hi,
    >> >
    >> > Following the procedures for "How To:Use DPAPI (User Store) from
    >> > ASP.NET
    >> > with Enterprise Services" from Building Secure ASP NET Applciations
    >> > pdf,
    >> > after installing the service, I try to start it, but get the error
    >> > "Services - Could not start the DPAPI Service server on Local Computer.
    >> > Error 5: Access is denied".
    >> >
    >> > My OS is Windows XP Pro. The local account configured to run this

    > service
    >> > has "Log on as a batch job" and "Log on locally" user rights as per the
    >> > instructions.
    >> >
    >> > What's the problem?
    >> >
    >> > Quick answer required, please
    >> >
    >> > Thanks
    >> > Martin
    >> >
    >> >

    >>
    >>
    >>

    >
    >
    Nicole Calinoiu, Sep 9, 2004
    #5
  6. Martin

    Martin Guest

    Nicole,

    My local account didn't have access to the dlls and exe. The basic service
    runs now I have given the account read and execute permissions. I haven't
    done any other testing or completed the last steps of the how to yet, but I
    am over that hurdle.

    Thanks very much for yoiur help.

    Martin

    "Nicole Calinoiu" <ngcalinoiu REMOVETHIS AT gmail DOT com> wrote in message
    news:...
    > Martin,
    >
    > If you've really followed the steps properly, then I'm a bit stumped.

    Here
    > are a few things to try:
    >
    > 1. Check if the user you want to use to launch the service actually has
    > permissions to run the service executable and the DLLs. If not, adjust

    the
    > ACLs to allow this.
    >
    > 2. If #1 doesn't help, turn on audit logging of all access failures. To

    do
    > this, launch the "Local Security Settings" mmc, then ensure that failure
    > audit logging is enabled for every policy under Security Settings\Local
    > Policies\Audit Policy. Once this is done, try launching the service

    again,
    > then check the event log to see if any failures were logged due to the
    > attempt.
    >
    > 3. If #1 doesn't help, the only thing I can think of is to start over

    from
    > scratch (new VStudio projects, new user, etc.) to ensure that you are
    > actually following the procedure exactly.
    >
    > HTH,
    > Nicole
    >
    >
    > "Martin" <> wrote in message
    > news:...
    > > Hi Nicole,
    > >
    > > Please see my answers below. I am using Windows XP Sp1. Is there a way

    I
    > > can further detail on what acces is being to denied to what resource?
    > >
    > > Thanks for your help
    > > Martin
    > >
    > > "Nicole Calinoiu" <ngcalinoiu REMOVETHIS AT gmail DOT com> wrote in
    > > message
    > > news:%...
    > >> I cannot reproduce the problem under Windows XP SP2. A few questions:
    > >>
    > >> 1. Have you deviated in any way from the procedure described in that
    > >> document?

    > > I don't believe so, but how can I be sure? As I say the code works if

    the
    > > account is in local admins.
    > >
    > >> 2. Of what group(s) is the local account a member?

    > > Users
    > >
    > >> 3. Is this happening on your dev machine or another machine on which

    > > you've
    > >> installed the service?

    > > My dev machine
    > >
    > >> 4. Prior to attempting to start the service, did you log on with the
    > >> account credentials in order to create a profile for it?

    > > Yes, but i didn't stay logged on very long. How can I show that the
    > > profile
    > > is created? C:\Documents and Settings has a local sub dir for this user.
    > >
    > >>
    > >>
    > >>
    > >> "Martin" <> wrote in message
    > >> news:%...
    > >> > Hi,
    > >> >
    > >> > Following the procedures for "How To:Use DPAPI (User Store) from
    > >> > ASP.NET
    > >> > with Enterprise Services" from Building Secure ASP NET Applciations
    > >> > pdf,
    > >> > after installing the service, I try to start it, but get the error
    > >> > "Services - Could not start the DPAPI Service server on Local

    Computer.
    > >> > Error 5: Access is denied".
    > >> >
    > >> > My OS is Windows XP Pro. The local account configured to run this

    > > service
    > >> > has "Log on as a batch job" and "Log on locally" user rights as per

    the
    > >> > instructions.
    > >> >
    > >> > What's the problem?
    > >> >
    > >> > Quick answer required, please
    > >> >
    > >> > Thanks
    > >> > Martin
    > >> >
    > >> >
    > >>
    > >>
    > >>

    > >
    > >

    >
    >
    Martin, Sep 10, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Carl Prothman [MVP]
    Replies:
    1
    Views:
    4,163
    Ali_ggl
    Mar 17, 2008
  2. mangia

    Access Denied - Network Service vs Local Service

    mangia, Sep 23, 2004, in forum: ASP .Net Security
    Replies:
    3
    Views:
    238
    Ken Schaefer
    Sep 27, 2004
  3. Sachin Chavan

    DPAPI (Machine Store) Access Denied Problem.

    Sachin Chavan, May 10, 2006, in forum: ASP .Net Security
    Replies:
    7
    Views:
    201
    Dominick Baier [DevelopMentor]
    May 12, 2006
  4. Alex Washtell via .NET 247

    Web Service + Anon Access, but getting 401 Access Denied Error

    Alex Washtell via .NET 247, Apr 5, 2005, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    186
    Mauro Ottaviani [MSFT]
    Apr 5, 2005
  5. Rajiv Abraham
    Replies:
    3
    Views:
    281
    Rajiv Abraham
    Apr 16, 2010
Loading...

Share This Page